1. Field of the Invention
The present invention relates generally to problems relative to the validity check of data recorded in a memory of a portable electronic carrier such as an identification or credit card and is particularly directed to a process and an apparatus or device for authenticating or certifying at least one item of information contained in a memory of the portable electronic carrier in order to prevent fraudulent use thereof or any possibility of an unauthorized breaking in on the dialog between a transaction apparatus and a card connected thereto by attempting to make the transaction apparatus "believe" that the dialog is being conducted completely normally.
2. Description of the Prior Art
Systems based on the use of removable electronic carriers such as an identification or credit card which enable persons or organizations to perform protective operations that are peculiar to the particular applications under consideration are known in the art.
Generally speaking, each application is tantamount to permitting the holder of a card to gain access to a protected service which necessarily calls for the reading and/or writing of information in the memory of the card to enable access to the service requested and possibly to keep track of this access represented, for example, by a debit of a sum of money written into the card from the moment when the service is payable.
Taking into account the diversifications of applications that these systems can cover (bank and billing transactions, access to networks, to data banks, to subscription services, to protected enclosures, . . .) modifications or improvements are constantly being made in these systems, if only to take into consideration the characteristics that are peculiar to each application.
From the moment when a notion of protected access or protected service occurs, one must necessarily associate with this notion the notion of fraud. Indeed, the holder of a card will not be able to refrain from asking himself the followng questions:
In the case of a subscription service, is it not possible, in certain cases, to have access to this service free of charge?
Is it not possible, with the card, to have access to services to which I normally have no access?
To palliate these attempts to fraud, a very important improvement consists in using random and short passwords to prevent unauthorized use and a deceiver from reproducing a sequence of a previous authorized conversation or dialog between the transaction apparatus and the card connected thereto as a means of gaining unauthorized access to the enclosure or service. Such an improvement has been described in French Pat. No. 2,469,760 entitled "Process And System For Identifying Persons Requesting Access To Certain Circles" and its corresponding U.S. Pat. No. 4,471,216 (Ser. No. 200,785) assigned to the assignee of the present invention. The aforenoted system is satisfactory when it involves the protection of an access to a circuit that lies outside or is external to the portable electronic carrier or card; however, because it is usually in such systems to write or read information into the memory of the card, either locally or remotely, the interface between the remote transaction apparatus and the electronic carrier is particularly vulnerable to observation and simulation by specialists. There exists in such systems a possibility of deviating the dialog to an organization having the capacity to generate a plausible sequence which would enable fraudulent use of the card. To be more precise, an experienced or skilled deceiver could, by generating a sequence of information, copied from or based on previous dialog information between the card and the transaction apparatus, create signals whose object is to make the remote apparatus "believe" that the certain operations have indeed taken place in relation to a duly enabled electronic carrier or card and the transaction apparatus to which it is connected.